package com.hzw.saas.web.admin.security;

import com.hzw.saas.api.rbac.IUserRoleService;
import com.hzw.saas.api.sys.service.ISysUserService;
import com.hzw.saas.api.user.IStaffService;
import com.hzw.saas.common.security.token.MyDefaultAccessTokenConverter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.provider.token.*;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import java.util.Arrays;

/**
 * 重写saas-common-security中的TokenStore
 *
 * @author sonam
 * @sine 2021/11/2 5:05 下午
 */
@Configuration
@RequiredArgsConstructor
public class AdminSecurityConfig {

    private final IStaffService staffService;
    private final IUserRoleService userRoleService;
    private final UserDetailsService userDetailsService;
    private final ISysUserService sysUserService;

    private static final String JKS_PATH = "saasr2.jks";
    private static final String KEY_PASS = "hzwsaasr2";
    private static final String KEY_STORE_ALIAS = "saasr2";

    @Bean
    @Primary
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
    @Primary
    public TokenEnhancer tokenEnhancer() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(jwtAccessTokenConverter(), new AdminAdditionalInformation(userRoleService, staffService,sysUserService)));
        return chain;
    }

    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(new ClassPathResource(JKS_PATH), KEY_PASS.toCharArray());
        converter.setKeyPair(factory.getKeyPair(KEY_STORE_ALIAS));
        converter.setAccessTokenConverter(accessTokenConverter());
        return converter;
    }

    public AccessTokenConverter accessTokenConverter() {
        DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
        MyDefaultAccessTokenConverter userAuthenticationConverter = new MyDefaultAccessTokenConverter();
        accessTokenConverter.setUserTokenConverter(userAuthenticationConverter);
        return accessTokenConverter;
    }

//    /**
//     * admin，使用JwtToken即可
//     * @return
//     */
//    @Bean
//    @Primary
//    public SaasTokenService defaultTokenServices() {
//        SaasTokenService tokenServices = new SaasTokenService(false);
//        tokenServices.setTokenStore(tokenStore());
//        //支持刷新token
//        tokenServices.setSupportRefreshToken(false);
//        tokenServices.setReuseRefreshToken(true);
//        tokenServices.setTokenEnhancer(tokenEnhancer());
//        addUserDetailsService(tokenServices);
//        return tokenServices;
//    }
//
//    private void addUserDetailsService(SaasTokenService tokenServices) {
//        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
//        provider.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(userDetailsService));
//        tokenServices.setAuthenticationManager(new ProviderManager(Collections.singletonList(provider)));
//    }

}
